blob: dc033c1cb85a957748323a63d5c1c14a9a084f09 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
--- ./config/policy.xml.orig 2016-06-10 07:19:41.000000000 -0500
+++ ./config/policy.xml 2016-06-17 17:30:47.311584022 -0500
@@ -49,6 +49,21 @@
exceeds policy maximum so memory limit is 1GB).
-->
<policymap>
+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+ <!-- SECURITY: disable potentially insecure coders: -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="WIN" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+ <!-- SECURITY: prevent indirect reads: -->
+ <policy domain="path" rights="none" pattern="@*" />
+ <!-- SECURITY: prevent pipe to shell: -->
+ <policy domain="path" rights="none" pattern="|*" />
+ <!-- Some examples: -->
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
<!-- <policy domain="resource" name="memory" value="2GiB"/> -->
<!-- <policy domain="resource" name="map" value="4GiB"/> -->
@@ -61,8 +76,4 @@
<!-- <policy domain="resource" name="throttle" value="0"/> -->
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*"/> -->
- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
</policymap>
|
